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DETAILED ACTION 

This office action has been issued in response to Amendments to the claims, and 
Remarks filed on May 08, 2009. Claims 1-14, and 17-22 are currently pending in which 
claims 1, 13, and 17 are in independent form. 
Status of Claims: 

Claims 1-14, and 17-22 are rejected under 35 U.S.C. 102(b). 
Accordingly, this action has been made FINAL. 

Response to Amendment 

Applicant's May 08, 2009 amendments to the Claims have been received and 
entered, in which claims 1,13, and 17 are amended. 

Response to Arguments 

Applicant's arguments filed May 08, 2009 have been fully considered and are not persuasive 
as they relate to 35 U.S.C. 102. Applicant's argument regarding the amended claims related 
to the recording and storing of the encrypted messages for later review is specifically 
addressed. Regarding Applicant's argument concerning "encrypted after it passes through a 
network", Van Oorshot et al teaches the server (14 in Figure 1) being involved in the 
encryption of communicated text after passing through the first area network, corresponding to 
end-users 18-22 (Oorshot: column 3, lines 16-32; column 3, line 33 to column 4, line 67). As 
such, Applicant's argument has been fully considered and is not persuasive. Applicant's claim 



Application/Control Number: 10/525,260 Page 3 

Art Unit: 2434 

amendments have been entered. Accordingly, as stated above, the rejections remain and are 
shown below in greater detail with respect to the amended claims. 

Claim Rejections - 35 USC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

2. Claims 1-14 and 17-22 rejected under 35 U.S.C. 102(b) as being anticipated by 
Van Oorshot et al U.S. Patent Number 6,229,894; Date of Patent: May 8, 2001 
hereinafter Van Oorshot. 

As to claim 1 , the following is taught: "a method for monitoring (Van Oorshot: 
column 2, lines 4-10 indicate the needs of the law enforcement agencies in the 
monitoring of communications) of communications traffic, comprising: connecting a 
recorder to a network switch to record packet-data communication traffic received from, 
and passing through, the network switch; 

encrypting the packet-data communication traffic at an encryption engine 
communicatively connected to the recorder after the packet-data communication traffic 
has passed through the network switch to create encrypted data (Van Oorshot: column 
5, lines 56-65 - also see encrypted transmission (ciphertext) 54 in Figure 2 which 
includes the signature of sending end-user 56, the encrypted file or message 58, and 
the wrapped session key 52; and 
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storing the encrypted data (Van Oorshot: Figure 1 , and its description starting in 
column 3, line 15 discloses the receiving, encrypting, recording, and storing of 
communications data as well as a decryption key required for its decoding) in a storage 
device such that the encrypted data can be decrypted only by means of decryption keys 
that exhibit restricted availability (Van Oorshot: column 4 line 59 to column 5, line 5)." 

As to claim 2, the following is taught: "the method as claimed in claim 1 further 
including employment of a spare disk and/or CPU capacity within a telecommunications 
system (Van Oorshot: column 7, lines 17-30)." 

As to claim 3, the following is taught: "the method as claimed in claim 1 further 
including the step of including encrypted search conditions within the decryption keys 
that are made selectively available (Van Oorshot: column 7, lines 43-61)." 

As to claim 4, the following is taught: "the method as claimed in claim 1 , further 
including the step of employing separate levels of authorization for access to the stored 
data (Van Oorshot: column 3, lines 1-8; column 7, lines 31-42)." 

As to claim 5, the following is taught: "the method as claimed in claim 1 , further 
including the step of employing a decryption key that is useable only once (Van 
Oorshot: column 7, line 55-57; column 8, lines 21-39, and lines 45-51)." 
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As to claim 6, the following is taught: "the method as claimed in claim 1 , further 
including the step of logging (Van Oorshot: Abstract, column 1 , lines 60-67 discloses 
identity authentication of requestor) all accesses to the stored data to an encrypted 
secure audit trail (Van Oorshot: column 3, line 57 to column 4, line 5; column 5, lines 
56-65)." 

As to claim 7, the following is taught: "the method as claimed in claim 1 , further 
including a tamper detection reference within the encrypted data (Van Oorshot: column 
4, lines 23-67)." 

As to claim 8, the following is taught: "the method as claimed in claim 1 , further 
including the step of monitoring all the available communications traffic (Van Oorshot: 
column 2, lines 4-14, disclose the problem for law enforcement agencies to obtain wire- 
tap information; column 10, lines 43-52 disclose the legal capability of law enforcement 
agencies to monitor and record unlimited information for its lawful and potential future 
scrutiny)." 

As to claim 9, the following is taught: "the method as claimed in claim 8, wherein 
the step of storing the recorded traffic comprises the step of recording all of the 
recorded traffic (Van Oorshot: column 2, lines 4-14, disclose the problem for law 
enforcement agencies to obtain wire-tap information; column 10, lines 43-52 disclose 
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the legal capability of law enforcement agencies to monitor and record unlimited 
information for its lawful and potential future scrutiny)." 

As to claim 10, the following is taught: "the method as claimed in claim 1 , wherein 
the communications traffic to be recorded comprises traffic through a 
telecommunications switch, router or gateway (Van Oorshot: column 3, lines 15-32; 
column 3, lines 16-39)." 

As to claim 1 1 , the following is taught: "the method as claimed in claim 1 , further 
including the step of encrypting details relating to the communications traffic and storing 
the said encrypted details for subsequent access (Van Oorshot: Figure 2, and column 
5, line 28 to column 8, line 6)." 

As to claim 12, the following is taught: "the method as claimed in claim 1, further 
including the step of authorizing use of the required decryption key in a restricted 
manner (Van Oorshot: Figure 3, and column 8, lines 7-59)." 

As to claim 13, the following is taught: "a system for monitoring of 
communications traffic, comprising: 

"a recorder that records the communications traffic, the communications traffic 
being received by the recorder from a network switch; 
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an encryption engine that encrypts the communications traffic after the 
communications traffic has passed through the network switch to the recorder (Van 
Oorshot: column 5, lines 56-65 - also see encrypted transmission (ciphertext) 54 in 
Figure 2 which includes the signature of sending end-user 56, the encrypted file or 
message 58, and the wrapped session key 52; also see server 16, processing device 
90, memory 92 of Figure 2, and column 7, lines 17-27), and" 

"a storage device that stores recorded communications traffic as encrypted data, 
such that the encrypted data can be decrypted only by means of keys that exhibit 
restricted availability (Van Oorshot: see secure storage of users' decryption private 
keys of server 16 in Figure 2, and column 7, lines 27-30; and directory 68 (a database) 
of Figure 2, and column 6, lines 50-54)." 

As to claim 14, the following is taught: "the system as claimed in claim 13 further 
including application software and executes the method steps of any one or more of 
claims 2-12 (See Van Oorshot's teachings above with regards to claim 13, and 
specifically with regards to claims 2-12)" 

As to claim 15: (cancelled). 



As to claim 16: (cancelled). 
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As to claim 17, the following is taught: "a method for monitoring of 
communications traffic, comprising the steps of:" 

"receiving communications traffic from a network switch; encrypting the 
communications traffic after the packet-data communication traffic has passed through 
the network switch (Van Oorshot: column 5, lines 56-65 - also see encrypted 
transmission (ciphertext) 54 in Figure 2 which includes the signature of sending end- 
user 56, the encrypted file or message 58, and the wrapped session key 52) to generate 
encrypted communications traffic data (Van Oorshot: Figure 1, and its description 
starting in column 3, line 15 discloses the receiving, encrypting, recording, and storing 
of communications data as well as a decryption key required for its decoding);" 

"storing the encrypted communications traffic data in a storage device (Van 
Oorshot: see server 16, processing device 90, memory 92 of Figure 2, and column 7, 
lines 17-27) such that the encrypted communications traffic data can be decrypted by 
decryption keys that exhibit restricted availability, that allow encrypted search conditions 
and that employ separate levels of authorization for access to the stored data (Van 
Oorshot: see secure storage of users' decryption private keys of server 16 in Figure 2, 
and column 7, lines 27-30; and directory 68 (a database) of Figure 2, and column 6, 
lines 50-54); and" 

"encrypting details relating to the communications traffic and storing the said 
encrypted details for subsequent access (Van Oorshot: see sending end-user 18, and 
end-user encryption certificate of end-user 60, 62, 64 in Figure 2, and column 5, lines 
39-55)." 
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As to claim 18, the following is taught: "the method as claimed in claim 17, further 
including the step of employing a decryption key that is useable only once (Van 
Oorshot: column 8, lines 21-39)." 

As to claim 19, the following is taught: "the method as claimed in claim 17, further 
including the step of logging (Van Oorshot: Abstract, column 1, lines 60-67 discloses 
identity authentication of requestor) all accesses to the stored data to an encrypted 
secure audit trail (Van Oorshot: column 3, line 57 to column 4, line 5; column 5, lines 
56-65)." 

As to claim 20, the following is taught: "the method as claimed in claim 17, further 
including a tamper detection reference within the encrypted data (Van Oorshot: column 
4, lines 23-67)." 

As to claim 21 , the following is taught: "the method as claimed in claim 17, further 
including the step of monitoring all the available communications traffic (Van Oorshot: 
column 2, lines 4-14, disclose the problem for law enforcement agencies to obtain wire- 
tap information; column 10, lines 43-52 disclose the legal capability of law enforcement 
agencies to monitor and record unlimited information for its lawful and potential future 
scrutiny)." 
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As to claim 22, the following is taught: "the method as claimed in claim 17, 
wherein the step of storing the recorded traffic comprises the step of recording all of the 
recorded traffic (Van Oorshot: column 2, lines 4-14, disclose the problem for law 
enforcement agencies to obtain wire-tap information; column 10, lines 43-52 disclose 
the legal capability of law enforcement agencies to monitor and record unlimited 
information for its lawful and potential future scrutiny)." 



Conclusion 

3. THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded 
of the extension of time policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to STEPHEN SANDERS whose telephone number is 
(571)270-5308. The examiner can normally be reached on M - F; 7:30a.m. - 5:00p.m.. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on 571-272-381 1 . The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Stephen Sanders/ 
Examiner, Art Unit 2434 

/Kambiz Zand/ 



Supervisory Patent Examiner, Art Unit 2434 



